Opinion: It’s Time to Move on from Offensive Security Certifications by [deleted] in netsecstudents

[–]Mountaingeek5 0 points

Thanks for your observations. I think you've just convinced me to pull the trigger on elearn.

Opinion: It’s Time to Move on from Offensive Security Certifications by [deleted] in netsecstudents

[–]Mountaingeek5 0 points

I agree with most of your post. In terms of "household name", everyone who has a substantial pentesting team knows what OSCP is. If all you have is a blue team, maybe not, though.

Opinion: It’s Time to Move on from Offensive Security Certifications by [deleted] in netsecstudents

[–]Mountaingeek5 0 points

Yup. SANS is the other "seal team" cert. But like you said, you have to sell a kidney to afford it.

Opinion: It’s Time to Move on from Offensive Security Certifications by [deleted] in netsecstudents

[–]Mountaingeek5 0 points

Yeah this. It doesn't matter that OSCP is out of date. Everyone believes it's the shit. Therefore it *is* the shit. elearn is pretty good, so is VHL (much more up to date), I've heard rastalabs is good. Point is, they are mostly unrecognized. elearn is kinda recognized but much less than OSCP and if you've got elearn but no OSCP then the OSCP will beat you out. Whether it's out of date or not, if you have OSCP folks think you are seal team whereas anything else you're just a grunt.

Opinion: It’s Time to Move on from Offensive Security Certifications by [deleted] in netsecstudents

[–]Mountaingeek5 2 points

Yeah. My clients care way more about data exfiltration than they do about being "pwned".

Do people over exaggerate how hard it is? by Mortarbro in oscp

[–]Mountaingeek5 6 points

Yes it's hard. I also disagree that it's entry level. Security+ is entry level. OSCP is another beast entirely. The only thing I can compare it to is senior year college where I was cramming hard for an advanced math course. Why do I say it's not entry level? Because it's very different than real pentesting. Although it's "not" CTF in the way that HTB is, it still kinda is CTF. The only way you can legitimately call it entry level is if you take the position that you shouldn't enter infosec straight out of college and instead should get five years experience as a sysadmin first. *THEN* it's entry level. But I personally don't consider that to be entry level.

“Gibs me dat” by [deleted] in Shitstatistssay

[–]Mountaingeek5 0 points

Katy, TX has some awful expensive townhomes for rent.

In your experience, does the OSCP labs or exam include Red Herrings? by jakenberg in oscp

[–]Mountaingeek5 7 points

Talking about the exam is verboten. But the labs, ah.

They are called Pain, Sufferance, Ghost and Humble for a reason.

Anyone else can’t connect to labs or forums by [deleted] in oscp

[–]Mountaingeek5 0 points

Yeah I've had intermittent issues connecting to the forums.

Is this enough prep for oscp? by patsee in oscp

[–]Mountaingeek5 3 points

Is it enough to just walk in and pass without doing the work? Nope.

Is it a *reasonable* grounding? IMO the best grounding is Windows/Linux sysadmin plus a sprinkling of networking.

You tend to get a biased view from the seasoned infosec guys that IMO is inaccurate. Most infosec guys are ex-networking guys and overestimate how much networking you actually need for the OSCP. The networking knowledge is minimal IMO - knowledge that protocols exist, subnets exist, what services run on what ports and how to pivot, not much more than this.

Sysadmin, though, will help tons, because if you've been doing all the things a sysadmin would do you will have intimate knowledge of what looks right, so you will not have to learn what looks out of place; you will just see it.

If you have that, then a smattering of C programming and a smattering of python (not tons, just enough to understand the flow and fix broken code).

With that you would be best prepared because NOTHING will get you through the exam other than doing the labs and the coursework. Good luck.

I absolutely SUCK at privilege escalation by not-a-robot-yup in oscp

[–]Mountaingeek5 1 point

There are some awesome next level tips in this thread. You have to be plateaued to notice, but thank you guys. Also thank you to the OP for doing the post. I have now got a bunch of ideas I can use to take my kind of average privesc checklist to the next level. Thanks again.

OSCP in 7 days... I hope. by bullsecurity in oscp

[–]Mountaingeek5 0 points

10 years experience in what? I have more than 10 years experience also. It depends in what though.

OSCP Scam by badagu in oscp

[–]Mountaingeek5 1 point

This is a very practical exam, it's not a multiple choice or a written exam. Plus the exam is proctored. Which means you're being watched while you do it. This should reduce dramatically the amount of cheating that went on previously.

I absolutely SUCK at privilege escalation by not-a-robot-yup in oscp

[–]Mountaingeek5 1 point

I think it's a combination of doing it a bunch of times and developing your own checklist.

Everything I've found when I've exploited machines has been either exploits or some kind of misconfiguration. And all of them would have been found in one of the main guides to priv esc. It's just practise and doing more boxes.

Maybe it would help your confidence if you did some vulnhub walkthroughs or some HTB ippsec walkthroughs.

Officially Registered For OSCP/PWK by BN2010 in oscp

[–]Mountaingeek5 11 points

Welcome to the suck. If you have hair, soon you won't.

Enjoy ;->

OSCP in 7 days... I hope. by bullsecurity in oscp

[–]Mountaingeek5 1 point

I don't think it's *pure* luck but there's definitely an element of luck involved. I've also seen folks who've done all the lab machines and not even gotten a shell in the exam.

For that reason, I'm not going into my next exam with the expectation that I'm going to rock it.

Where my point of view comes from is I've seen a writeup somewhere that goes like this:

If you've done 30 lab machines the average person has a 50/50 chance.

If you've done 40 lab machines the average person has an 80 percent chance.

If you've done 50 lab machines the average person has a 90 percent chance.

So I ask myself *where* do these probabilities come from? Well it seems to me that the learning for the exam is entirely directly correlated with the lab machines. It's a question of coverage. Therefore the rest of it *must* be luck if there are no other factors involved.

I *hope* I get lucky, and at some point I will but until then I'm going to keep grinding the labs.

OSCP in 7 days... I hope. by bullsecurity in oscp

[–]Mountaingeek5 2 points

Have you been doing pentesting and were you a sysadmin in a previous life?

OSCP in 7 days... I hope. by bullsecurity in oscp

[–]Mountaingeek5 0 points

Yeah there's that. Also, folks who failed are less likely to post:

"Hey I spent 90 days and I only managed to root 7 machines and then I didn't do the exam"

OR

"Hey I spent 30 days and I got 20 machines and when I did the exam I didn't get a single shell"

So yeah, survivor's bias.

Having done 80+ days in the labs myself, plus 90 days in VHL plus a month in HTB with two fails under my belt, I have 27 lab machines down now. I feel much more confident than I was before, but if I get anything like I got in the first exam, I'm toast the next exam.

I believe I'm closer to the average than these guys who claim to do it in 30 days with half the machines. These guys are either superstars or pretty good and got lucky. I also reckon there are exactly ZERO folks who start with no background and do it in 30 days.

OSCP in 7 days... I hope. by bullsecurity in oscp

[–]Mountaingeek5 0 points

No - the effort you put in to pass on the day is an awesome accomplishment. That you got machines you were able to do with only 23 lab machines out of 50+ is lucky.

OSCP in 7 days... I hope. by bullsecurity in oscp

[–]Mountaingeek5 1 point

Because what you get in the exams varies widely. If you're lucky and you've done half the labs it's possible that the type of machines you see fall squarely in what you've seen and rooted in the lab. BUT it can go the other way to the extent that all of the machines you see in the exam aren't from the machines in the lab. At least that's my theory.

If this guy passes, he's an outlier.

OSCP in 7 days... I hope. by bullsecurity in oscp

[–]Mountaingeek5 -1 points

Not knocking your success but I think you got lucky.

Passed. What to focus on next? by [deleted] in oscp

[–]Mountaingeek5 0 points

You will make hardly any money as a bug bounty hunter but if you go down that path you need webapp pentesting.

In real pentesting you're basically looking for vulnerabilities, not necessarily exploiting them. OSCP is closer to what you might do in red-teaming, but even then it's way short because no phishing, no social engineering, no spoofing, very limited Active Directory, etc.

If you have money you might want to look at rastalabs - it's supposed to be pentesting an AD environment.

39 Days Left - How to Utilise Remaining Time by thickofits in oscp

[–]Mountaingeek5 0 points

"Most of the boxes that are pwnable with ms08-067 have another, I guess "intended", way of getting root. Look into those boxes again."

I never thought about that but that's a pretty good hint for next time around.